Main Vulnerability Database Vulnerabilities #VU121752

#VU121752 Improper input validation in Oracle Agile Product Lifecycle Management for Process - CVE-2026-21944

Published: January 20, 2026

Vulnerability identifier: #VU121752

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2026-21944

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Oracle Agile Product Lifecycle Management for Process

Software vendor:
Oracle

Description

The vulnerability allows a remote authenticated user to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Product Quality Management component in Oracle Agile Product Lifecycle Management for Process. A remote authenticated user can exploit this vulnerability to gain access to sensitive information.

Remediation

Install updates from vendor's website.

External links

https://www.oracle.com/security-alerts/cpujan2026.html

#VU121752 Improper input validation in Oracle Agile Product Lifecycle Management for Process - CVE-2026-21944

Description

Remediation

External links

Please verify you're human